Secrets, lies, and electronic voting {Diebold with a Vengance}

Reason Online ^ | November 11, 2003 | Julian Sanchez

[George Frm Br00klyn Park]

Reason Magazine

November 11, 2003

Diebold with a Vengance

Secrets, lies, and electronic voting

Julian Sanchez

As the autumn of 2000 drew to a close, citizens of the wealthiest nation on the planet suddenly began to feel a bit... backwards. A country still reeling from the unwelcome realization that the magical Bill Gates and his crack squad of Internet pixies had not forever vanquished the business cycle abruptly discovered that a close contest for leadership of the economic and military juggernaut that is the United States would turn on hanging chads. For week after tedious week, we tuned in to CNN to watch weary volunteers squinting at punch cards, debating the significance of each dimple and perforation with the intensity of medieval schoolmen poring over scripture. How grotesquely lo-fi! Why not just scratch out your favored candidate's name on the cave wall with a sharp bone?

The talking heads appointed to conduct the autopsy of that imbroglio appeared to be in broad agreement: the whole sordid affair would have been prevented if only Florida had been with it, man and implemented electronic touchscreen voting statewide. (Reason, too, was on the bandwagon.) The companies that make electronic voting machines were delighted to join the chorus, with batallions of erstwhile elected officials on hand to lobby their former colleagues to install the next insanely great thing in voting gadgetry on the double.

Legislators in Florida, stung by the national giggles elicited by the poodle orgy that was the 2000 election, quickly banned the old punchcard machines and began a statewide phase-in of touchscreen machines, as did Georgia. Recent estimates by Election Data Services found that counties using electronic voting machines now comprised almost 20 percent of the electorate, more than double the number just six years earlier. Some citizens could even be voting online by 2004.

But Floridians don't seem convinced that bytes beat butterflies: A quarter say that they are "not at all confident" in the new technology, and half believe that it's important for machines to preserve a paper trail of votes—something that's not currently done.

If anything, though, voters may not be skeptical enough. A joint report, released this summer, by researchers at Rice and Johns Hopkins universities, found that the system developed by e-voting manufacturer Diebold "is far below even the most minimal security standards applicable in other contexts."

Diebold, for its part, has taken the Scientology approach to its critics: when some 15,000 internal messages and memoranda detailing security flaws, written between January 1999 and March 2003, were obtained by hackers and leaked in August, the company let slip the dogs of law in a massive effort to prevent their dissemination. Diebold claims that, under the Digital Millennium Copyright Act, student activists who've posted the documents are committing a crime. They're now engaged in a legal game of cat-and-mouse with an ever-increasing number of university-based mirrors that have some protection from suit under the DMCA's academic "safe harbor" provision.

The Electronic Frontier Foundation has also entered the fray: The high-tech civil liberties group contends that reproduction of the documents for the purpose of public debate over e-voting falls squarely under the fair use exception to copyright rules. And their argument is at least somewhat plausible. This is not, after all, the new Eminem single being passed around, and it's not as though the ability to read these critiques online is interfering with Diebold's efforts to sell its memos on e-Bay.

The company's concern with secrecy is a bit ironic, considering that not merely critical discussion but the firm's source code itself was recently found to be available on an open FTP server, while competitor Sequioa's code was leaked in October.

Napsterized memos are perhaps the least of Diebold's problems. Allegations have surfaced that upgrades to voting software used in the most recent California elections had not been independently certified, a violation of state law. The more conspiratorially minded have even attributed surprising results in hotly contested 2002 congressional races to e-chicanery on the 's part.

That suspicion is tied in no small way to the fact that Diebold CEO Walden O'Dell is a major GOP fundraiser who told Buckeye State Republicans in an August fundraising letter that he was "committed to helping Ohio deliver its electoral votes to the president next year."

Despite these myriad concerns, it remains important to proceed with the transition to electronic voting with—apologies to the Supreme Court—all deliberate speed. After all, as with so many public policy questions, our standard of evaluation when it comes to e-voting is not perfection: The standard is the alternative.

Recall—if anything stands out clearly in the carnival haze of the California gubernatorial recall election—that the suit filed by the ACLU to block the recall was based on the argument that the constitutional guarantee of equal protection was violated by local disparities in voting equipment. There's something to this notion. For all the potential problems with e-voting, there is no doubt that the error rates associated with punch card systems are unacceptably high. As affluent districts update their own voting booths, there is a real risk that those in poorer areas will be left with a disproportionate chance of having their votes miscounted—a difference with the potential to change electoral outcomes in close races. Our caution in moving forward should be tempered by an awareness of this persistent inequality.

At least one crucial change in the current approach should be made, however. At present, companies like Diebold seem convinced that secrecy is the better part of security. This is wrong. As the authors of the Rice/Hopkins study concluded, "even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage."

States implementing e-voting should instead seek to mimic Australia's open source approach, making the process of vetting the balloting code as open and transparent as the elections it facilitates ought to be.

benefits of peer-production methods in ordinary programming contexts have been much discussed. But when it comes to the production of voting software, a context in which perceived legitimacy is as important as efficiency, open source has an added advantage.

Public concern about electronic voting is tied to fears of information asymmetry—the same asymmetry that companies claim is so necessary for security. The real danger is not that security holes will be discussed openly on Internet chat forums, but that they will become known to a few, while the public at large remains ignorant of the potential problems. After all, the advantages of electronic voting tabulation— speed and automation—would also make it far more difficult to detect tampering and fraud after the fact. When the code that powers our new voting booths is open to public inspection, not only are potential flaws apt to be detected more quickly, but voters can feel confident that no back doors lurk hidden in the system, waiting for an unscrupulous candidate to type "xyzzy" for a landslide victory.

Julian Sanchez is Reason's Assistant Editor. He lives in Washington, D.C.

THIS article at Reason Magazine Online

[George Frm Br00klyn Park]

If anything, though, voters may not be skeptical enough. A joint report, released this summer, by researchers at Rice and Johns Hopkins universities, found that the system developed by e-voting manufacturer Diebold "is far below even the most minimal security standards applicable in other contexts."

The company's concern with secrecy is a bit ironic, considering that not merely critical discussion but the firm's source code itself was recently found to be available on an open FTP server, while competitor Sequioa's code was leaked in October.

That suspicion is tied in no small way to the fact that Diebold CEO Walden O'Dell is a major GOP fundraiser who told Buckeye State Republicans in an August fundraising letter that he was "committed to helping Ohio deliver its electoral votes to the president next year."

At least one crucial change in the current approach should be made, however. At present, companies like Diebold seem convinced that secrecy is the better part of security. This is wrong. As the authors of the Rice/Hopkins study concluded, "even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage."
====================================

All, Having donned my tin-foil hat, and asbestos PC flame retardant suit, suit, I am now ready to read all of the replies from those who say, in regard to "electrronic" voting, "Computers can't be manipulated!" Peace and love, George.

[George Frm Br00klyn Park]

BUMP!!

[steve50]

Glad to see this story getting some print. The hacked files, which must be accurate since they are being supressed under personal property and not libel laws, are damning.

[steve50]

Electronic voting is an idea whose time won't come for at least 20 years.

The problem is it doesn't have to be used everywhere. The internal e-mail shows one log in containing less than a thousand votes changing the totals by 16,000,iirc. All they need is a few of these machine districts in the proper states and they control all totals.

[expatpat]

The DU gremlins are very upset about this security problem, too!

[expatpat]

I truly doubt that DUmmies would actually believe in fair elections

I wouldn't say that, either -- they're scared of the GOP cheating them.

[ItsMyVoteDammit]

There would be nothing wrong with these machines if they would just provide a paper audit trail. Some way to do a recount or check the vote. Just one simple little change which would let us check to make sure the vote we touched is the vote the machine recorded. And the shame is that these machines are manufactured to print the vote confirmation which would stay behind a glass screen. The only thing that is needed is to change the programming code to let the machine print. But Diebold and the others say no. Why are they saying no? Everyone would stop complaining about these machines if this one step was done, but they are refusing to do it. Why?

[steve-b]

My guess is that they're angling for an easier-to-hack "open source" system.

Actually, open source is needed precisely because it makes it impossible to pull off these shenanigans without eventually getting caught.

That, and paper printout confirmations (which take priority over the electronic tally in any dispute).

[MissAmericanPie]

Anyone who thinks they can't and won't be is an idiot or worse someone with an agenda.

[George Frm Br00klyn Park]

"nyone who thinks they can't and won't be is an idiot or worse someone with an agenda."

MAP, The one that really got to me was the highly touted "PHD" who hosts one of the Television programs stating flatly on Ron Smith's radio program that, "Machines {computers} can't be manipulated!" When I bought it up, Ron laughingly said, "Only a PHD would say something like that." Machines {computers} HAVE to be "manipulated" to function A'tall. Do they teach this stuff in our institutions of "higher learning"? PHD; "Piled Higher and Deeper". Peace and love, George.